The subject matter herein relates generally to methods and systems for equipment authentication within a medical network, and more particularly to authenticating remote medical component endpoints utilizing secure symmetric device-specific keys.
Healthcare facilities utilize a variety of electronic equipment in connection with diagnosis, treatment, patient monitoring and other patient-related healthcare services. Various types of medical electronic equipment utilize sensors, actuators and the like, generally referred to as component endpoints, that detect various types of information and perform various actions. For example, a medical component endpoint may represent a wearable sensor placed on a patient, an equipment or physiologic sensor within a life-support system, and the like. As one example, the component endpoints may convey sensor data to patient monitoring equipment. Over time, component endpoints need to be replaced more often than other parts of the medical electronic equipment. For example, the leads for a patient monitor may break while the remainder of the patient monitoring equipment operates properly. Also, additional component endpoints are added to equipment over time, such as when a new system is set up or at later points in operation.
It is desirable to verify the authenticity of component endpoints that control operation of medical electronic equipment, and/or generate data and other information regarding patients and the medical electronic equipment. Authentication of monitoring equipment is desirable to ensure compatibility with other medical electronic equipment, reliability of measured data, proper operation of the medical equipment, as well as for other reasons.
One conventional technique for authenticating component endpoints includes providing the medical electronic equipment (e.g., patient monitor) with a public encryption key that matches an encryption key within the component endpoints. Public key encryption is another method for protecting the contents of a digital transmission: the sender uses the receiver's public key to encrypt the content of the message, and after the message is transmitted, the receiver uses its secret key to decrypt it. The medical electronic equipment and component endpoint utilize the common public encryption key to communicate with one another and as a verification that the component endpoint is a valid component authorized for use with the medical electronic equipment.
However, anyone in possession of a receiver's key could send information to the receiver, resulting in an undesirable outcome. Storing secret encryption keys on medical electronic equipment at a health care facility renders the keys susceptible to theft, discovery, or improper access by third parties. When an encryption key is compromised, unauthorized reproduction of the secret encryption key may occur for use on unauthorized component endpoints.
Further, while patient monitors or other medical electronic equipment are generally maintained in a secure environment, a risk still exists that the encryption keys may be discovered. For example, conventional authentication methods may utilize a single global cipher and message combination for multiple patient monitors and sensors within the network, meaning that each patient monitor and/or sensor shares the same key. Access to that key by an unauthorized user potentially compromises the entire network along with patient data. Also, device- and/or sensor-specific keys for authentication require key management that is tailored to avoid situations where a counterfeit device or sensor could respond correctly to authentication queries if blank or unused keys are available. The foregoing scenarios are undesirable.
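The contrast drawn above between a single network-wide key and device-specific symmetric keys is illustrated by the following added example, which is not part of the original text and not any vendor's implementation. It assumes a hypothetical manufacturer master key, a one-step HMAC-based derivation of each endpoint's key from its device identifier, a challenge-response exchange between monitor and endpoint, and a constructed registry of issued endpoint identifiers; all keys, identifiers and the `endpoint-auth-v1` label are constructed sample values.

```python
import hmac
import hashlib
import secrets

# Constructed, hypothetical manufacturer master key. In practice it would live in a
# hardware security module or secure element, never in a source file.
MASTER_KEY = bytes.fromhex(
    "8f2b6c1d4e7a9b0c3d5e6f70818293a4b5c6d7e8f90a1b2c3d4e5f6071829304"
)

# Constructed sample registry of endpoints the manufacturer actually issued. Identifiers
# that were never provisioned are refused, so a counterfeit cannot answer for a "blank"
# or unused identity even if it somehow obtained a key for it.
ISSUED_ENDPOINTS = {"SPO2-SENSOR-0001", "SPO2-SENSOR-0002"}


def derive_device_key(master_key: bytes, device_id: str) -> bytes:
    """Derive a symmetric key unique to one endpoint (HMAC used as a one-step KDF)."""
    return hmac.new(master_key, b"endpoint-auth-v1|" + device_id.encode(),
                    hashlib.sha256).digest()


def endpoint_response(device_key: bytes, challenge: bytes) -> bytes:
    """What the endpoint returns: an HMAC over the monitor's fresh random challenge."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()


def authenticate_global(shared_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Conventional scheme: every monitor and every sensor hold the same key."""
    expected = endpoint_response(shared_key, challenge)
    return hmac.compare_digest(expected, response)


def authenticate_device_specific(master_key: bytes, claimed_id: str,
                                 challenge: bytes, response: bytes) -> bool:
    """Device-specific scheme: the monitor re-derives the key for the claimed identity."""
    if claimed_id not in ISSUED_ENDPOINTS:
        return False
    expected = endpoint_response(derive_device_key(master_key, claimed_id), challenge)
    return hmac.compare_digest(expected, response)


def genuine_endpoint_passes(device_id: str) -> bool:
    """A provisioned endpoint holding only its own derived key authenticates."""
    device_key = derive_device_key(MASTER_KEY, device_id)  # provisioned at manufacture
    challenge = secrets.token_bytes(16)
    return authenticate_device_specific(
        MASTER_KEY, device_id, challenge, endpoint_response(device_key, challenge))


def counterfeit_passes_global() -> bool:
    """Global key: a key recovered from one sensor lets a counterfeit pass as any sensor."""
    shared_key = secrets.token_bytes(32)   # the single network-wide key (constructed)
    recovered_key = shared_key             # learned from one compromised sensor
    challenge = secrets.token_bytes(16)
    return authenticate_global(
        shared_key, challenge, endpoint_response(recovered_key, challenge))


def counterfeit_passes_device_specific() -> bool:
    """Device-specific key: SENSOR-0001's key does not answer for SENSOR-0002."""
    recovered_key = derive_device_key(MASTER_KEY, "SPO2-SENSOR-0001")
    challenge = secrets.token_bytes(16)
    return authenticate_device_specific(
        MASTER_KEY, "SPO2-SENSOR-0002", challenge,
        endpoint_response(recovered_key, challenge))


def unissued_identity_passes() -> bool:
    """Even a correctly derived key for a never-issued identifier is refused by the registry."""
    blank_key = derive_device_key(MASTER_KEY, "SPO2-SENSOR-9999")
    challenge = secrets.token_bytes(16)
    return authenticate_device_specific(
        MASTER_KEY, "SPO2-SENSOR-9999", challenge,
        endpoint_response(blank_key, challenge))


if __name__ == "__main__":
    print("genuine endpoint accepted:", genuine_endpoint_passes("SPO2-SENSOR-0001"))
    print("counterfeit accepted (global key):", counterfeit_passes_global())
    print("counterfeit accepted (device-specific key):", counterfeit_passes_device_specific())
    print("unissued identity accepted:", unissued_identity_passes())
```

With a global key, the blast radius of one extracted key is the whole network; with per-device derivation, a recovered key only answers for the one identity it was issued to, which can then be removed from the issued-endpoint set to revoke it. The registry check is what closes the "blank or unused key" gap mentioned above: possessing a derivable key is not enough, the identity must also have been issued. Note that the monitor in this model holds the master key, so it is the device that must be protected most strongly; one common refinement is to keep the master key off the monitor entirely and provision the monitor with only the derived keys of the endpoints it is paired with.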
A need remains for improved authentication systems and methods for component endpoints utilized in connection with medical networks.